Requirements

The following sections describe the requirements and prerequisites for the Kubernetes reference platform.

Before starting the deployment, ensure you have the following tools and access:

  • Terraform 1.10.5: Terraform is the infrastructure as code tool used to manage the deployment. Version 1.10.5 is recommended at this time due to known issues in 1.11.0/1.11.1.

  • kubectl 1.34+: kubectl is the command-line tool for interacting with the Kubernetes cluster.

  • Root access to the Kubernetes cluster: A full architecture deployment expects root access to the target Kubernetes cluster.

It is additionally recommended, but not required, to install Helm 3.17.0 or later, for troubleshooting Helm-based Kubernetes deployments.

Kubernetes Namespace Separation

Multiple namespaces are created in Kubernetes during the Terraform apply process in order to promote security and separation of the applications. All namespaces are created using the variable var.k8s_namespace_prefix (default: log). Assuming the default value for k8s_namespace_prefix, Terraform creates the following namespaces in Kubernetes:

Namespace     Description
log           LogScale Humio Operator, Strimzi Kafka Brokers / Controllers (Optional), Strimzi Kafka Operator (Optional), Ingestion Generator Pods (Optional)
log-topolvm   TopoLVM Controller and Nodes
log-cert      Cert Manager
log-ingress   NGINX ingress controllers

Cluster Size Configuration

The cluster_size.tpl file specifies the available parameters for different sizes of LogScale clusters. This template defines various cluster sizes (for example xsmall, small, medium) and their associated configurations, including node counts, instance types, disk sizes, and resource limits. The Terraform configuration uses this template to dynamically configure the LogScale deployment based on the selected cluster size.

The data from cluster_size.tpl is retrieved and rendered by the locals.tf file. The locals.tf file uses the jsondecode function to parse the template and select the appropriate cluster size configuration based on the logscale_cluster_size variable.

Example:

terraform
# Local Variables
locals {
  # Render a template of available cluster sizes
  cluster_size_template = jsondecode(templatefile("${path.module}/cluster_size.tpl", {}))
  cluster_size_rendered = {
    for key in keys(local.cluster_size_template) :
    key => local.cluster_size_template[key]
  }
  # Select the entry that matches var.logscale_cluster_size
  cluster_size_selected = local.cluster_size_rendered[var.logscale_cluster_size]
}

Setting LogScale Configuration Variables

LogScale is configured with a default set of configuration values that can be overridden or added to by defining var.user_logscale_envvars in your TFVAR_FILE. For example, to change the default values for LOCAL_STORAGE_MIN_AGE_DAYS and LOCAL_STORAGE_PERCENTAGE, set the following in your TFVAR_FILE:

terraform
user_logscale_envvars = [
  { "name" = "LOCAL_STORAGE_MIN_AGE_DAYS", "value" = "7" },
  { "name" = "LOCAL_STORAGE_PERCENTAGE", "value" = "85" }
]

This mechanism also supports referencing Kubernetes secrets should you provision them outside this Terraform:

terraform
user_logscale_envvars = [
  {
    "name" = "SECRET_LOGSCALE_CONFIGURATION",
    "valueFrom" = {
      "secretKeyRef" = {
        "key"  = "secret_value"
        "name" = "kubernetes_secret_name"
      }
    }
  },
  { "name" = "LOCAL_STORAGE_MIN_AGE_DAYS", "value" = "7" },
  { "name" = "LOCAL_STORAGE_PERCENTAGE", "value" = "85" }
]

The default environment values set by this Terraform are as follows:

Variable                                 Default value
KAFKA_COMMON_SECURITY_PROTOCOL           SSL
USING_EPHEMERAL_DISKS                    true
LOCAL_STORAGE_PERCENTAGE                 80
LOCAL_STORAGE_MIN_AGE_DAYS               1
KAFKA_BOOTSTRAP_SERVERS                  var.kafka_broker_servers
KAFKA_SERVERS                            var.kafka_broker_servers
PUBLIC_URL                               https://${var.logscale_public_fqdn}
AUTHENTICATION_METHOD                    static
STATIC_USERS                             Kubernetes Secret: var.k8s_secret_static_user_logins
KAFKA_COMMON_SSL_TRUSTSTORE_TYPE *       PKCS12
KAFKA_COMMON_SSL_TRUSTSTORE_PASSWORD *   Kubernetes Secret: local.kafka_truststore_secret_name
KAFKA_COMMON_SSL_TRUSTSTORE_LOCATION *   /tmp/kafka/ca.p12

Values marked with * are removed when var.provision_kafka_servers is set to false.
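
A pre-apply check for the override list described above, written in Python as an added example; it is not part of the Terraform repository. It assumes the variables are kept in terraform.tfvars.json form, and the lint_envvars function, the secret-name pattern and the sample input are constructed for illustration.

```python
import json
import re

# Constructed sample in terraform.tfvars.json form (not from the project).
SAMPLE_TFVARS_JSON = """
{"user_logscale_envvars": [
  {"name": "SECRET_LOGSCALE_CONFIGURATION",
   "valueFrom": {"secretKeyRef": {"key": "secret_value", "name": "kubernetes_secret_name"}}},
  {"name": "LOCAL_STORAGE_PERCENTAGE", "value": "85"},
  {"name": "KAFKA_COMMON_SECURITY_PROTOCOL", "value": "PLAINTEXT"},
  {"name": "STATIC_USERS", "value": "constructed-literal"}
]}
"""
# Assumption of this example: names matching this pattern carry secrets.
SECRET_NAME = re.compile(r"PASSWORD|SECRET|TOKEN|STATIC_USERS|_KEY$")
# Kafka security.protocol values that keep broker traffic on TLS.
TLS_PROTOCOLS = {"SSL", "SASL_SSL"}


def lint_envvars(entries):
    """Return sorted (name, finding) pairs for user_logscale_envvars entries."""
    findings, seen = [], set()
    for entry in entries:
        name = entry.get("name", "")
        has_value, has_ref = "value" in entry, "valueFrom" in entry
        if name in seen:
            findings.append((name, "duplicate entry"))
        seen.add(name)
        if has_value == has_ref:
            findings.append((name, "set exactly one of value or valueFrom"))
        if has_ref:
            ref = entry["valueFrom"].get("secretKeyRef", {})
            if not (ref.get("name") and ref.get("key")):
                findings.append((name, "secretKeyRef needs name and key"))
        if has_value and SECRET_NAME.search(name):
            findings.append((name, "literal secret; use secretKeyRef"))
        if (name == "KAFKA_COMMON_SECURITY_PROTOCOL" and has_value
                and entry["value"] not in TLS_PROTOCOLS):
            findings.append((name, "overrides SSL default with non-TLS protocol"))
        if (name == "PUBLIC_URL" and has_value
                and not str(entry["value"]).startswith("https://")):
            findings.append((name, "PUBLIC_URL is not https"))
    return sorted(findings)


if __name__ == "__main__":
    entries = json.loads(SAMPLE_TFVARS_JSON)["user_logscale_envvars"]
    for name, finding in lint_envvars(entries):
        print(f"{name}: {finding}")
```

On the constructed sample this reports the PLAINTEXT override and the literal STATIC_USERS value, and accepts the secretKeyRef entry.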

Bring Your Own Kafka

If Kafka already exists and meets the following expectations, it can be used in place of Strimzi created by this Terraform. Expected configuration:

  • Client Authentication: None (TBD)

  • KRaft Mode: Enabled

  • TLS Communications: Enabled

In order to use your own Kafka, make the following modifications to the execution instructions:

  • Set Terraform variable provision_kafka_servers to false.

  • Set Terraform variable byo_kafka_connection_string to your connection string.

  • Do not execute the build of Strimzi in the following instructions.

Bring Your Own Certificate

By default, certificates will be generated and placed on the ingress. You can bring your own certificate to the ingress by:

  1. Importing or generating a certificate as a Kubernetes secret under the name <cluster_name>-tls-certificate

  2. Setting use_own_certificate_for_ingress to true in the .tfvars file

Targeted Terraform

When leveraging this Terraform repository, you must run terraform using the -target flag to apply specific modules. The latter half of the terraforming process requires access to a Kubernetes API to successfully plan and apply changes.

After the environment is fully built, the targeted approach isn't strictly required but remains recommended to ensure correct order of operations.